Your organization may have adopted many, if not all, of the new mandatory standards voluntarily as part of the Defense Industry Initiative (DII) Group or other corporate responsibility program. As a minimum response to the new rules, however, we recommend a self-assessment of existing records for evidence of a current comprehensive risk assessment and a recent compliance program effectiveness audit. These two overarching areas of the model DII ethics program require on-going activities especially after mergers and acquisitions, organizational changes and an emphasis on internal controls for financial reporting.
The risk assessment involves both legal (e.g., FCPA, Buy America Act, Procurement Integrity, Truth in Negotiations Act and Conflicts of Interest) as well as accounting (cost accounting, estimating, time charging, billing and indirect rates) areas. Our subject matter specialists can assist with conducting a risk assessment using our extensive resources including a data collection and risk reporting tool, as well as evaluating the effectiveness of compliance programs.
If you would like to discuss an appropriate response to the new rule in view of your existing ethics and compliance programs, please contact Jim Thomas, Partner and Aerospace & Defense Advisory Leader at 202.414.1370 or Joe Barsalona, Partner, at 646.471.5748.
Because ethics and compliance programs are now contractually required (FAR 52.203-13 and 52.203-14), we expect the government to exercise its right to inspect contractors' records for compliance. Forthcoming legislation calls for the GAO to inform Congress about the extent of implementation of the ethics program requirements at major defense contractors. Failure to meet the minimum standards may create a reputational risk for contractors found deficient through government oversight activities.